(54) Data copyright management system and apparatus



(57) There are provided a digital content management apparatus
which further embodies a digital content management apparatus
used with a user terminal, and a system which protects the secrets
of a digital content. The system and the apparatus are a real time
operating system using a micro-kernel, which is incorporated in
the digital content management apparatus as an interruption
process having high priority, or is arranged in a network system
using the digital content. When a user uses the digital content,
whether there is an illegitimate usage or not is watched by
interrupting the usage process. In the case where illegitimate
usage is carried out, a warning is given or the usage is stopped.
The decryption/re-encryption functions of the digital content
management apparatus having the decryption/re-encryption
functions are not restricted to the inside of the user apparatus.
By providing the decryption/re-encryption functions between the
networks, the exchange of secret information between different
networks is secured. By using this apparatus for converting a
crypt algorithm, information exchange is made possible between
systems which adopt different algorithms.
Description

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to a system for man- 
aging digital content, specifically for managing a copy- 
right of digital content claiming the copyright and for 
securing secrecy of digital content and also relates to 
an apparatus implementing this system. 

Background Art 

In the information-oriented society of today, database systems
have spread in which various data values that have so far been
stored independently in each computer are mutually used by
connecting computers by communication lines.

The information handled so far by the database system is
classical coded information which can be processed by a computer
and has a small amount of information, or monochrome binary data
like facsimile data at most. Therefore, the database system has
not been able to handle data with an extremely large amount of
information such as a natural picture and a motion picture.

However, as digital processing techniques for various electric
signals develop, digital processing is also progressing for
picture signals other than binary data, which have so far been
handled only as analog signals.

By digitizing the above picture signal, a picture sig- 
nal such as a television signal can be handled by a com- 
puter. Therefore, a "multimedia system" for handling 
various data handled by a computer and picture data 
obtained by digitizing a picture signal at the same time 
is noticed as a future technique.

Because hitherto widespread analog content is deteriorated in
quality whenever it is stored, copied, edited, or transmitted,
copyright issues associated with the above operations have not
been a large problem. However, because digital content is not
deteriorated in quality after repeatedly storing, copying,
editing, or transmitting it, the control of copyrights associated
with the above operations is a large problem.

Because there has hitherto been no exact method for handling a
copyright for digital content, the copyright is handled by the
copyright law or relevant contracts. Even in the copyright law,
only compensation money for a digital-type sound or picture
recorder is systematized.

Use of a database includes not only referring to the contents of
the database but also, normally, effectively using the database
by storing, copying, or editing obtained digital content.
Moreover, it is possible to transmit edited digital content to
another person on-line by a communication line or off-line by a
proper recording medium. Furthermore, it is possible to transmit
the edited digital content to the database to enter it as new
digital content.

In an existing database system, only character data is handled.
In a multimedia system, however, audio data and picture data
which are originally analog content are digitized to a digital
content and formed into a database in addition to the data such
as characters which have been formed into a database so far.

Under the above situation, how to handle a copyright of digital
content formed into a database is a large problem. However, there
has not been adequate copyright management means for solving the
problem so far, particularly copyright management means completed
for secondary utilization of the digital content such as copying,
editing, or transmitting of the digital content.

Although digital content referred to as software with
advertisement or as freeware is, generally, available free of
charge, it is copyrighted and its use may be restricted by the
copyright depending on the way of use.
In view of the above, the inventor of the present invention has
made various proposals thus far in order to protect a copyright
of the digital content. In GB 2269302 and U.S. Patent 5,504,933,
the inventor has proposed a system for executing copyright
management by obtaining a permit key from a key management center
through a public telephone line, and has also proposed an
apparatus for that purpose in GB 2272822. Furthermore, in
EP 677949 and in EP 704785, a system has been proposed for
managing the copyright of the digital content.

In these systems and apparatus, those who wish to view encrypted
programs send a request to view a program to a management center
via a communication line using a communication device, and the
management center transmits a permit key in response to the
request for viewing, and charges and collects a fee.

Upon receipt of the permit key, those who wish to view the
program send the permit key to a receiver either by an on-line or
an off-line means, and the receiver, which has received the
permit key, decrypts the encrypted program according to the
permit key.

The system described in EP 677949 uses a program and copyright
information to manage a copyright, in addition to a key for
permitting usage, in order to execute the management of the
copyright in displaying (including process to sound), storing,
copying, editing, and transmitting of the digital content in a
database system, including the real time transmission of digital
picture content. The digital content management program for
managing the copyright watches and manages so as to prevent the
digital content from being used outside the conditions of the
user's request or permission.

Furthermore, EP 677949 discloses that the digital content is
supplied from a database in an encrypted state, and is decrypted
only when displayed and edited by the digital content management
program, while the digital content is encrypted again when
stored, copied or transmitted. It is also described that the
digital content management program itself is encrypted and is
decrypted by the permit key, and that the decrypted digital
content management program performs decryption and encryption of
the digital content, and when usage other than storing and
displaying of the digital content is executed, the copyright
information is stored as a history, in addition to the original
copyright information.

In U.S. Patent Application No. 08^9.270 and EP 0715241 relating
to the present application, there is proposed an apparatus for
decryption/re-encryption having the configuration of a board, a
PCMCIA card or an IC card for managing the copyright, and a
system for depositing a crypt key. Also, reference is made to
applying the copyright management method to a video conference
system and an electronic commerce system.

In U.S. Patent Application No. 08/549,271 and EP 709760, a system
has been proposed wherein the protection of an original digital
content copyright and an edited digital content copyright, in
case of the edited digital content using a plurality of digital
contents, is carried out by confirming the validity of a usage
request according to a digital signature on an edit program by
combining a secret-key cryptosystem and a public-key
cryptosystem.

In U.S. Patent Application No. 08/573,958 and EP 719045, various
forms have been proposed for applying the digital content
management system to database and video-on-demand (VOD) systems
or an electronic commerce.

In U.S. Patent Application No. 08/663,463, EP 746126, a system
has been proposed in which copyrights on an original digital
content and a new digital content are protected by using a third
crypt key and a copyright label in case of using and editing a
plurality of digital contents.

As can be understood from the digital content man- 
agement systems and the digital content management 
apparatus which have been proposed by the inventor of 
the present invention, described above, the manage- 
ment of a digital content copyright can be realized by 
restricting encryption/decryption/re-encryption and the 
form of the usage by using the copyright management 
program. The cryptography technology and the usage 
restriction thereof can be realized by using a computer. 

In order to use the computer efficiently, an operating system
(OS) is used which supervises the overall operation of the
computer. The conventional operating system used on a personal
computer or the like is constituted of a kernel for handling
basic services such as memory control, task control,
interruption, and communication between processes, and OS
services for handling other services.

However, improvement in the functions of the OS which supervises
the overall operation of computers is now being demanded as
circumstances change on the computer side, such as improved
capability of microprocessors and a decreased price of RAM
(Random Access Memory) used as a main memory, and as improvement
in the performance capability of computers is required by users.
As a consequence, the scale of an OS has become comparatively
larger than before.

Since such an enlarged OS itself occupies a large space on the
hard disk where the OS is stored, the space for storing the
application programs or data needed by the user is liable to be
insufficient, with the result that the usage convenience of the
computer becomes unfavorable.

In order to cope with such a situation, in the latest OS, an
environmental sub-system for performing emulation of other OS and
graphics displaying, and a core sub-system such as a security
sub-system are removed from the kernel, as a sub-system that is a
part that depends on the user. The basic parts such as a HAL
(hardware abstraction layer) for absorbing differences in
hardware, a scheduling function, an interruption function, and an
I/O control function constitute a micro-kernel, and a system
service API (Application Programming Interface) is interposed
between the sub-system and the micro-kernel, thereby constituting
the OS.

By doing so, extension of the OS by change or addition of
functions will be improved, and portability of the OS can be
facilitated corresponding to the applications. By a distributed
arrangement for elements of the micro-kernel to a plurality of
network computers, the distributed OS can also be realized
without difficulty.

Computers are used in computer peripheral units, various control
units, and communication devices in addition to the personal
computers represented by the desktop type or notebook type
computers. In such a case, as an OS unique for embedding,
applicable to each of the devices, a real time OS is adopted in
which execution speed is emphasized, unlike a general-purpose
personal computer OS, in which the man-machine interface is
emphasized.

Naturally, the development cost for a respective OS unique to
each device in which it is embedded will be high. It has
therefore recently been proposed that a general-purpose OS for
personal computers be used instead as a real-time OS for
embedding. By arranging a specified program for embedding in a
sub-system combined with the micro-kernel, a real-time OS for
embedding can be obtained.

Among the major functions of an OS is task control, such as
scheduling, interruption processing, and the like. With respect
to task control, there are two kinds of OS's: the single-task
type, in which only one task is executed at the same time, and
the multi-task type, in which a plurality of task processes are
executed at the same time. The multi-task type is further
classified into two kinds: one multi-task type, in which changing
of tasks depends on the task to be executed, and the other
multi-task type, in which the changing does not depend on the
task to be executed.

Of the aforementioned types, the single-task type assigns one
process to a CPU (central processing unit) and the CPU is not
released until the process comes to an end. A non-preemptive
multi-task type performs time-division for the CPU, and the CPU
can be assigned to a plurality of processes. As long as the
process which is being executed does not give control back to the
OS, other processes are not executed. A preemptive multi-task
type interrupts the process which is being executed during a
certain time interval and thereby forcibly moves the control to
another process. Consequently, real time multi-task can be
available only in the case of the preemptive type.

Task control in a computer is performed according to processes,
being units having system resources such as a memory and a file.
Process control is performed according to a thread, being a unit
to which CPU time is assigned, into which the process is minutely
divided. Incidentally, in this case, the system resources are
shared by all the threads in the same process. More than one
thread, therefore, may exist which share the system resources in
one process.

Each task which is processed by the multi-task type has a
priority spectrum, which is generally divided into 32 classes. In
such a case, a normal task without interruption is classified
into dynamic classes which are divided into 0 to 15 classes,
while a task performing interruption is classified into real-time
classes divided into 16 to 31 classes.

Interruption processing is carried out using interruption
enabling time (generally, 10 ms) referred to as a time slice, as
one unit. A normal interruption is carried out during a time
slice of 10 ms. In such a situation, a time slice has recently
been proposed wherein the interruption enabling time is set to
100 µs. When such a real time slice is used, an interruption can
be carried out with greater priority than the conventional 10 ms.

SUMMARY OF THE INVENTION 

In the present application, there is proposed a digital content
management apparatus which further embodies a digital content
management apparatus which can be used with the user terminal
proposed in EP 704785, for managing a digital content,
specifically, a copyright of the digital content claiming the
copyright. And also there is proposed a system to which the idea
applied to the digital content management apparatus is further
applied for secrecy protection of the digital content.

In the present application, a system for watching the
illegitimate usage of the digital content and an apparatus
therefor are proposed. The system and apparatus are a real time
operating system using a micro-kernel, and are incorporated in
the digital content management apparatus as an interruption
process having a high priority, or are arranged in a network
system using the digital content. Whether there is an
illegitimate usage or not is watched by interrupting the use
process when a user utilizes the digital content. In the case
where illegitimate usage is performed, a warning is given or the
usage is stopped.

Furthermore, in the present application, decryption/re-encryption
functions in the digital content management apparatus having the
decryption/re-encryption functions are not restricted within the
user apparatus but are provided in a gateway or a node between
the networks, so that the exchange of secret information is
secured between different networks.

By using the apparatus according to the present invention for the
conversion of crypt algorithm, information exchange can be made
possible between systems which adopt different crypt algorithms.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a structural view of a digital content management
system to which the present invention is applied.

Figure 2 is a structural view of a digital content management
apparatus to which the present invention is applied.

Figure 3 is a structural view of another digital content
management apparatus to which the present invention is applied.

Figure 4 is a structural view of a system for watching the
digital content usage according to the present invention.

Figure 5 is a structural view of a system for protecting digital
content secrecy according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION 

The description of the preferred embodiments according to the
present invention is given below referring to the accompanied
drawings.

Figure 1 shows a structure of the digital content management
system to which the present application applies.

In this digital content management system illustrated in
Figure 1, reference numerals 1, 2 and 3 represent databases
storing text data, binary data of a computer graphics screen or a
computer program, and digital content of sound or picture data,
which are not encrypted. 9 represents a communication network
constituted using a public telephone line offered by a
communication enterprise or a CATV line offered by a cable
television enterprise. 4 represents a primary user terminal, 5
represents a secondary user terminal, 6 represents a tertiary
user terminal, 7 represents an n-order user terminal, and 8
represents a digital content management center.

In the above arrangement, the databases 1, 2, 3, the digital
content management center 8, primary user terminal 4, secondary
user terminal 5, tertiary user terminal 6, and n-order user
terminal 7 are connected to the communication network 9.

In this figure, a path shown by a broken line represents a path
for transferring encrypted digital content, a path shown by a
solid line represents a path for transferring requests from each
of the user terminals 4, 5, 6, 7 to the digital content
management center 8 and databases 1, 2, 3, and a path shown by a
one-dot chain line represents a path through which a permit key
corresponding to a usage request, a digital content management
program and a crypt key are transferred from each of the
databases 1, 2, 3, and the digital content management center 8 to
each of the user terminals 4, 5, 6, 7.

This digital content management system employs a first public-key
Kb1, a first private-key Kv1 corresponding to the first
public-key Kb1, a second public-key Kb2, and a second private-key
Kv2 corresponding to the second public-key Kb2 that are prepared
by the user, and a first secret-key Ks1 and a second secret-key
Ks2 prepared by the database. The database encrypts digital
content M by using the first secret-key Ks1:

    Cmks1 = E(Ks1, M),

and further encrypts the first secret-key Ks1 by the first
public-key Kb1:

    Cks1kb1 = E(Kb1, Ks1)

and the second secret-key Ks2 by the second public-key Kb2:

    Cks2kb2 = E(Kb2, Ks2).

The database then transfers the encrypted digital content Cmks1
and the encrypted first and second secret-keys Cks1kb1 and
Cks2kb2 to the user.

The user decrypts the encrypted first secret-key Cks1kb1 using
the first private-key Kv1:

    Ks1 = D(Kv1, Cks1kb1),

and decrypts the encrypted digital content Cmks1 by the decrypted
first secret-key Ks1:

    M = D(Ks1, Cmks1)

and uses it. The user decrypts the encrypted second secret-key
Cks2kb2 by the second private-key Kv2:

    Ks2 = D(Kv2, Cks2kb2),

which is subsequently used after decryption as a crypt key for
storing, copying, or transferring digital content.
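
The key flow described above, as an added example that is not part of the patent text: the database wraps Ks1 and Ks2 under the user's public keys, and the user decrypts with Ks1 to use the content and re-encrypts with Ks2 before storing it. The page names no algorithms, so the textbook RSA over fixed Mersenne primes and the SHA-256 keystream with HMAC are insecure stand-ins, and the function names and sample content are assumptions.

```python
import hashlib
import hmac
import secrets

# --- Stand-in primitives (assumptions; the page names no algorithm) --------
# Public-key stand-in: textbook RSA over fixed Mersenne primes. It is
# trivially breakable and only gives E(Kb, .) / D(Kv, .) something to run on.
E_PUB = 65537

def make_keypair(p, q):
    """Return (public-key Kb, private-key Kv) as (modulus, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E_PUB), (n, pow(E_PUB, -1, phi))

def pk_encrypt(kb, secret_key):
    """E(Kb, Ks): wrap a 16-byte secret-key under a public-key."""
    n, e = kb
    return pow(int.from_bytes(secret_key, "big"), e, n)

def pk_decrypt(kv, wrapped):
    """D(Kv, Ckskb): recover the 16-byte secret-key with the private-key."""
    n, d = kv
    return pow(wrapped, d, n).to_bytes(16, "big")

def keystream(key, nonce, length):
    """SHA-256 in counter mode, used as a stand-in stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def E(ks, m):
    """E(Ks, M): returns nonce || (M XOR keystream) || HMAC-SHA256 tag."""
    enc_key = hashlib.sha256(b"enc" + ks).digest()
    mac_key = hashlib.sha256(b"mac" + ks).digest()
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(m, keystream(enc_key, nonce, len(m))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def D(ks, c):
    """D(Ks, C): verify the tag, then decrypt; ValueError on a wrong key."""
    enc_key = hashlib.sha256(b"enc" + ks).digest()
    mac_key = hashlib.sha256(b"mac" + ks).digest()
    nonce, body, tag = c[:16], c[16:-32], c[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret-key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, nonce, len(body))))

# --- The flow from the text -------------------------------------------------
def database_supply(m, kb1, kb2):
    """Database side: Cmks1 = E(Ks1, M), Cks1kb1 = E(Kb1, Ks1), Cks2kb2 = E(Kb2, Ks2)."""
    ks1, ks2 = secrets.token_bytes(16), secrets.token_bytes(16)
    return {
        "Cmks1": E(ks1, m),
        "Cks1kb1": pk_encrypt(kb1, ks1),
        "Cks2kb2": pk_encrypt(kb2, ks2),
    }

def user_use(package, kv1):
    """User side, use: Ks1 = D(Kv1, Cks1kb1), then M = D(Ks1, Cmks1)."""
    ks1 = pk_decrypt(kv1, package["Cks1kb1"])
    return D(ks1, package["Cmks1"])

def user_store(package, kv2, m):
    """User side, store/copy/transfer: Ks2 = D(Kv2, Cks2kb2), re-encrypt M under Ks2."""
    ks2 = pk_decrypt(kv2, package["Cks2kb2"])
    return E(ks2, m)

# Constructed key pairs and sample content (not from the page).
KB1, KV1 = make_keypair(2**127 - 1, 2**89 - 1)
KB2, KV2 = make_keypair(2**107 - 1, 2**61 - 1)
SAMPLE = b"constructed sample: digital content M"

if __name__ == "__main__":
    pkg = database_supply(SAMPLE, KB1, KB2)
    plain = user_use(pkg, KV1)
    stored = user_store(pkg, KV2, plain)
    print("used content matches M:", plain == SAMPLE)
    print("stored copy differs from delivered copy:", stored != pkg["Cmks1"])
```

The stored copy decrypts only under Ks2, so holding Ks1 from the delivery step is not enough to read what was stored, copied or transferred.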

If the primary user 4 copies digital content obtained and then
supplies it to the secondary user 5, the digital content does not
involve the copyright of the primary user 4 because no
modifications have been made to the digital content. If, however,
the primary user 4 produces new digital content based on the
digital content obtained or using a means for combining with
other digital content, the new digital content involves a
secondary copyright for the primary user 4, and the primary user
4 has the original copyright for this secondary work.

Similarly, if the secondary user 5 produces further new digital
content based on the digital content obtained from the primary
user 4 or using a means of combining with other digital content,
the new digital content involves a secondary copyright for the
secondary user 5, and the secondary user 5 has the original
copyright of this secondary work.

Databases 1, 2, and 3 store text data, binary data constituting
computer graphics screens or programs and digital content such as
digital audio data and digital picture data, which are to be
encrypted and supplied to the primary user terminal 4 via network
9 during a digital content read operation in response to a
request from the primary user terminal 4.

Managing the digital content obtained from the database is
carried out by the method described in Japanese Patent Laid-open
No. 185448/1996 or in Japanese Patent Laid-Open No. 287014/1996,
which have been proposed by the present inventor.

Recently, a PCI (Peripheral Component Intercon- 
nect) bus has attracted attention as means for imple- 
menting a multiprocessor configuration in a typical 
personal computer. The PCI bus is a bus for external 
connection connected to a system bus of a computer 
via a PCI bridge, and allows to implement a multiproc- 
essor configuration. 

The digital content includes graphics data, computer programs,
digital audio data, still picture data by JPEG and also moving
picture data by MPEG 1 or MPEG 2, in addition to character data.
In case that the digital content to be managed is moving picture
data by JPEG still picture system or moving picture data by
MPEG 1 or MPEG 2, which has a remarkably large amount of data at
high speed, managing the digital content by a single processor is
difficult.

Figure 2 is a block diagram illustrating an arrangement of a
digital content management apparatus used for managing the above
digital content in the digital content management system shown in
Figure 1.

The digital content management apparatus comprises a first
digital content management apparatus 12 connected to a user
terminal 11 and a second digital content management apparatus 13.

The first digital content management apparatus 12 has a computer
configuration having a MPU (Micro-Processor Unit) 24, a local bus
25 of MPU 24, ROM (Read-Only Memory) 26 connected to the local
bus 25, RAM 27 and EEPROM (Electrically Erasable Programmable
Read-Only Memory) 31.

A PCI bus 23 is connected to a system bus 15 for a microprocessor
14 of the user terminal 11 via a PCI bridge 22, and the local bus
25 for the MPU 24 of the digital content management apparatus 12
and also a local bus 30 for MPU 29 of the digital content
management apparatus 13 are connected to the PCI bus 23. Also
connected to the system bus 15 of the user terminal 11 are a
communications device (COMM) 21 which receives digital content
from external databases and transfers digital content to the
outside of the terminal, a CD-ROM drive (CDRD) 20 which reads
digital content supplied on CD-ROM, a flexible disk drive (FDD)
19 which copies received or edited digital content to a flexible
disk to supply it to the outside of the terminal, and a hard disk
drive (HDD) 18 used for storing digital content. COMM 21, CDRD
20, FDD 19, and HDD 18 may also be connected to the PCI bus 23.
While ROM, RAM etc., of course, are connected to the system bus
15 of the user terminal, these are not shown in Figure 2.

The decryption and re-encryption operations are performed by
either of the MPU 24 of the first digital content management
apparatus 12 and the MPU 29 of the second digital content
management apparatus 13, i.e., one performs decryption and the
other performs re-encryption at the same time. Since the
configuration of the MPU 24 and MPU 29 in Figure 2 is a
multiprocessor configuration which performs parallel processing
with a PCI bus 23, high processing speed can be achieved.

In the digital content management apparatus shown in Figure 2,
the storage device, such as HDD 18, for storing re-encrypted
digital content is connected to the system bus 15 of the user
terminal 11. In order to store re-encrypted digital content,
therefore, the encrypted digital content must be transferred by
way of the system bus 15 of the user terminal 11 and the local
bus 25 or 30 of the digital content management apparatus 12 or
13, and consequently, processing speed can be slowed.

In the digital content management apparatus shown in Figure 3, a
communications device COMM and a CD-ROM drive CDRD are connected
to a local bus of a digital content management apparatus for
decryption, and a storage device such as HDD for storing
re-encrypted digital content is connected to the local bus of a
digital content management apparatus for re-encryption.

The digital content management apparatus 35 for decryption has
the computer system configuration having a MPU 37, a local bus 38
for the MPU 37, and ROM 39, RAM 40 and EEPROM 41 connected to the
local bus 38, and a communication device COMM 42 and a CD-ROM
drive CDRD 43 are connected to the local bus 38. The encrypted
digital content supplied from the communication device COMM 42
and the CD-ROM drive CDRD 43 is decrypted in this apparatus.

The digital content management apparatus 36 for re-encryption has
the computer system configuration having a MPU 44, a local bus 45
for the MPU 44, and ROM 46, RAM 47 and EEPROM 48 connected to the
local bus 45, and HDD 39 is connected to the local bus 45. The
digital content which has been re-encrypted in the digital
content management apparatus 36 for re-encryption is stored in
HDD 39.

In the protection of a digital content copyright, the greatest
issue is how to prevent illegitimate usage of the digital content
on the user side apparatus. Decryption/re-encryption and
restriction on usage are carried out by a digital content
management program for this purpose.

However, since decryption/re-encryption of the digital content
whose copyright is to be protected is performed using an
apparatus on the user side, it is virtually impossible to expect
that processing of the decryption/re-encryption and the
management of the crypt key which is used for the purpose will be
complete. There is a possibility that the digital content will be
illegitimately stored, copied, transmitted and edited by
invalidating the digital content management program.

In order to restrict such illegitimate usage, it is required that
a digital content management program for decryption/re-encryption
of the digital content, and for managing the crypt key, cannot be
altered by the user. For this purpose, incorporation of the
digital content management program into the hardware is the most
secure method.

For example, there is a configuration like that in which a
dedicated scramble decoder is currently used for descrambling
scrambled broadcast programs in analog television broadcast, so
that decryption/re-encryption of the digital content and
management of the crypt key are available only by using a
dedicated digital content management apparatus.

Although such a configuration is reliable, the system structure
is lacking in flexibility. When the apparatus on the user side is
changed, or the digital content management program is changed, it
is very hard for the user to respond to such changes. In the case
of the network computer, on which attention has recently been
focused, since the network computer does not have a function for
storing the digital content management program, it would be
impossible to realize the digital content management program in
the hardware.

In order to respond flexibly to a case where the apparatus on the
user side changes, or a case where the digital content management
program is changed, it is desirable for the digital content
management program to be software. However, there is a
possibility that the digital content management program is
altered as long as the digital content management program is an
application program.

For the digital content management program being software, the
digital content management program is required to be incorporated
in a kernel that is a fixed area in the OS and cannot be altered
by the user. However, it is not practical for the digital content
management program to be incorporated in the fixed area of the
kernel, where the digital content management system and the
cryptosystem differ between the databases.

As described above, some real time OS can perform interruption in
a real time slice time which is one or two figures faster than
the time slice of the system in another OS that includes the
kernel area. By using this technology, the usage status of the
digital content which is claiming the copyright is watched
without affecting the overall operation. And if an illegitimate
usage is found, it is possible to give a warning or to forcibly
stop the usage thereof.

Next, a method for reinforcing a digital content management
program by using a real time OS is described.

The digital content management apparatus shown in Figure 2 has a
multi-processor structure in which a first digital content
management apparatus 12 and a second digital content management
apparatus 13 are connected to an apparatus on the user side via a
PCI bus. The decryption operation of the first digital content
management apparatus 12 and re-encryption operation of the second
digital content management apparatus 13 are controlled by the
digital content management program in the user terminal 11.

The digital content management program of the user terminal 11
also manages the operations of the communication device 21, the
CD-ROM drive 20, the flexible disk drive 19 and the hard disk
drive 18, that is, it manages loading or downloading of encrypted
digital content, and storing into the hard disk drive 18, copying
to the flexible disk drive 19 and uploading to the communication
device 21 of re-encrypted digital content.

Since illegitimate usage of the digital content is carried out by
unauthorized editing, unauthorized storing, unauthorized copying
or unauthorized uploading of the decrypted digital content,
whether the illegitimate usage has been carried out or not can be
detected by whether editing, storing, copying or uploading of the
decrypted digital content is performed or not. As a consequence,
the process for watching the illegitimate usage interrupts, at a
certain time interval, a digital content use process which is
being executed, interrupting by a preemptive type multi-task
which forcibly carries out watching of the process.

The multi-task time slice normally carried out is
10 ms, and the decryption/re-encryption process is carried
out in this time unit. On the other hand, the fastest
real time slice is 100 μs, which is 1/100 of the normal
time unit. Consequently, the watching task, which has
high interruption priority, can watch the digital content
as to whether the decrypted digital content is being
edited, stored, copied or uploaded, so that the usage
status of the digital content for which the copyright is
claimed can be watched without affecting regular usage
by the user, and, if illegitimate usage is found, a warning
can be given and usage thereof can be forcibly
stopped.

The digital content management program with such
a watching function is incorporated into a sub-system
area which is operated in the user mode in place of the
kernel of the OS, and the watching process is regarded
as a process with a high priority. By constituting the
system in this way, the usage status of the digital content by
decryption/re-encryption and also the illegitimate usage
other than the permitted usage can be watched at the
same time, and such watching can be executed
smoothly.

Since these operations are the same in the case of
the digital content management apparatus which is
shown in Figure 3, a further explanation thereof is omitted.

Next, a structure for watching the illegitimate usage
of the digital content in the distributed OS is described
referring to Figure 4. Figure 4 illustrates a structure of a
general distributed type OS, in which servers 51 to 54
and clients 55 to 58 are connected to a network 50.

The network 50 is a restricted network such as a LAN
(Local Area Network) in an office. Each of the servers 51
to 54 stores basic OS elements of the micro-kernel,
application elements which are a sub-system, or the
digital content. In order to manage the digital content,
the digital content management program which has
been described so far is required. This digital content
management program is stored, for example, in the
server 54. And the watching program for watching the
illegitimate usage of the digital content having a high
priority for interruption is stored, for example, in the
supervisory server 51 for supervising the overall operation of
the distributed OS.

Although the terminal apparatus of the clients 55 to
58 is a simple terminal, the terminal is provided with a
copying device such as a flexible drive or the like when
necessary.

In such a structure, when the clients 55 to 58 use
the digital content which is stored in the servers 51 to
54, the clients 55 to 58 are supplied the micro-kernel
that is the basic OS elements from each of the servers,
and also supplied the digital content management
program which is stored in the server 54, and thus, the
digital content can be used.

The digital contents stored in the server are either
encrypted or not encrypted. In either of these cases, the
digital content is supplied in encrypted form when supplied
to the clients. Therefore, in order for the client to use the
encrypted digital content, it is necessary to obtain the
crypt key and to decrypt by the digital content
management program as has been described above.

The fact that the client uses the digital content and
the digital content management program is grasped by
the supervisory server 51. This watching process
automatically interrupts the process which is being executed
by the client at regular intervals without the client's
request, watches it, and gives a warning or stops the
usage if an illegitimate usage is detected.

Since such a watching process can be completed
with a process having a small size, it has little effect
on the operation on the client side, and the
user does not notice the operation of the watching
program.

In the distributed OS, the servers and the clients
have been explained as separated. However, the
aforementioned structure may be applied when a client
machine is provided with a hard disk drive, and the
client machine also serves as the server machine. When
the network 50 is not a restricted one such as a LAN in an
office, but a non-restricted one such as the Internet system,
the aforementioned structure can be also applied.

In particular, such a structure is effective in a network
computer system. Even in the case where the user
modifies a computer not provided with a storage device,
a copying device or a communication device for
transmission, or uses a normal computer pretending to be of a
network computer system, the digital content can be
managed by remote control.

Furthermore, the structure can be applied to the
digital content management system shown in Figure 1.
In such a case, the watching program is stored in the
digital content management center 8 of Figure 1 to
regularly watch whether users illegitimately use the
encrypted digital content supplied from the database
through the network 9 by remote control.

In case that the digital content is broadcast via analog
data broadcast or via digital data broadcast, the
watch program may be transferred by inserting to the
digital content. Also, the watch program may be resident
in an apparatus of the digital content user so that the
remote control is made possible by periodically
broadcasting a watch program control signal.

In the case where the digital content having a large 
amount of information, such as digital picture content is 
handled in the digital content management system 
which is carried out via the network, an ISDN (Inte- 
grated System for Digital Network) line is used in many 
cases as a communication line. 

As the ISDN line, there are generally used two data
channels having data transmission speed of 64 Kbps
(kilobits per second) referred to as B channels, and a
control channel having data transmission speed of 16
Kbps referred to as D channel. Naturally, the digital
content is transmitted through one or two data channels,
while the D channel is not used in many cases.

Thus, if the D channel is used for the interrupting
watching by the watch program, it would be possible to
watch the usage status by remote control without
affecting the usage of the digital content at all.

When the user uses information to which a copyright
is claimed, the real time OS is automatically linked
to the key center, it is also possible to watch and manage
the re-encryption mechanism with a real time OS
as a result.

Further, in the case where a digital content creator
or an end user uses information to which a copyright is
claimed, a re-encryption program resident in the PC
uses the real time OS so that remote watching and
managing can be made possible.

Next, application of the digital content management
system to the prevention of the leakage of information is
described. Figure 5 illustrates a structure of the system
for preventing the leakage of information by applying
the system to an intranet system in which a LAN is
connected to the Internet system.

In Figure 5, reference numerals 60, 61, and 62 represent
the network systems which are connected to
each other by public lines 63, 63. In particular, the
network system 62 is a LAN system established in an office
or the like. These network systems are connected with
each other via a public communication line or the like to
constitute an Internet system as a whole. Clients 64, 64,
64 are connected to the LAN system 62 and servers not
shown in the figure are connected in addition.

The LAN system has secret data such as business
secrets and the like therein. Since the LAN system is
connected to the outside network, the problems of the
leakage of the secret information to the outside, or of
the access to the secret information from the outside
may arise. As a consequence, although an information
partition, called a "fire-wall," is normally provided
between the LAN system and the public line, that is not
technologically perfect. Also, even in the case of the
business secret data, it may be necessary to supply the
business secret data to another party, where the
other party's network has a common interest, and in
such a case, the presence of the fire-wall becomes an
obstacle.

As has been described repeatedly, the management
of the secret data can be completely carried out
through encryption. In the case where the crypt algorithm
used in the other party network is common with
the algorithm used in one's own network, the secret
data can be shared by sending the crypt key to the other
party by some means. In the case where the crypt algorithm
used in the other party network is different from
the algorithm which is used in one's own network, such
means cannot be adopted.

In order to cope with such a problem, crypt key conversion
devices 65, 66 and 67 are arranged in place of
or together with the fire-wall in the Internet system
shown in Figure 5. These crypt key conversion devices
65, 66 and 67 have the same configuration as the digital
content management apparatus which have been
described by using Figures 2 and 3, and perform
decryption/re-encryption by two different crypt keys.

For example, the crypt algorithm conversion device
65 decrypts the data which is encrypted by a crypt algorithm
unique to the network 60 and re-encrypts the
decrypted data by a crypt algorithm which is common in
the whole Internet system. The crypt algorithm conversion
device 67 that has received the re-encrypted data
decrypts the re-encrypted data, encrypts the decrypted
data by the crypt algorithm unique to the network 62,
and supplies it to the client 64.

By doing so, it becomes possible to handle the
encrypted data between networks that adopt different
crypt algorithms. Here, there may be two cases; one is
a case in which the crypt key is not changed at all, and
the other is a case in which the crypt key is changed at
each stage.
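
The decrypt/re-encrypt chain through devices 65 and 67 described above, as an added example that is not part of the patent text. The hash-based stream cipher, the three algorithm names and the `ConversionDevice` class are assumptions standing in for the unspecified crypt algorithms; the `seen_plaintext` list shows that every conversion device handles the data in the clear, so each hop has to be trusted and protected like a key holder.

```python
import hashlib, hmac, os

def _keystream(algo, key, nonce, n):
    # Toy stream cipher: hash(key || nonce || counter). Stand-in only, not for production.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.new(algo, key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _tag(algo, key, nonce, body):
    mac_key = hashlib.sha256(b"mac" + key).digest()  # separate key for integrity
    return hmac.new(mac_key, algo.encode() + nonce + body, hashlib.sha256).digest()

def encrypt(algo, key, plaintext):
    nonce = os.urandom(16)
    ks = _keystream(algo, key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + body + _tag(algo, key, nonce, body)

def decrypt(algo, key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(algo, key, nonce, body)):
        raise ValueError("authentication failed: wrong key/algorithm or tampering")
    ks = _keystream(algo, key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

class ConversionDevice:
    """Decrypts under (in_algo, in_key), re-encrypts under (out_algo, out_key)."""
    def __init__(self, in_algo, in_key, out_algo, out_key):
        self.inp, self.out = (in_algo, in_key), (out_algo, out_key)
        self.seen_plaintext = []  # what this hop was able to read

    def convert(self, blob):
        plain = decrypt(*self.inp, blob)
        self.seen_plaintext.append(plain)
        return encrypt(*self.out, plain)

def demo():
    k60, k_common, k62 = (os.urandom(32) for _ in range(3))
    dev65 = ConversionDevice("sha256", k60, "sha512", k_common)    # network 60 -> Internet
    dev67 = ConversionDevice("sha512", k_common, "sha3_256", k62)  # Internet -> network 62
    secret = b"constructed sample: business secret"
    on_internet = dev65.convert(encrypt("sha256", k60, secret))
    delivered = decrypt("sha3_256", k62, dev67.convert(on_internet))
    return secret, on_internet, delivered, dev65, dev67

if __name__ == "__main__":
    secret, wire, delivered, dev65, dev67 = demo()
    print(delivered == secret, secret in wire, dev65.seen_plaintext)
```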

In using databases, in a case where a data storing
server referred to as "proxy server" or "cache server" is
used, and where the digital content is encrypted, the
crypt key or crypt algorithm used between the data
server and the proxy server may be differentiated from
the crypt key or crypt algorithm used between the proxy
server and a user, and then, the conversion of them is
carried out by using the crypt key conversion device or
crypt algorithm conversion device, so that the encrypted
digital content can be prevented from illegitimate usage
thereof.

The conversion of the crypt algorithm by these
devices can be effected by units of countries. Even in
the case where crypt algorithms are used which differ
from one country to another, it becomes possible to
adopt a key escrow system unique to the respective
country, or a key recovery system using the key escrow
system.

For example, the crypt key conversion device 65
decrypts an encrypted data from the network 60, and
re-encrypts the decrypted data by using the crypt key
common to the whole Internet system. The crypt key
conversion device 67 which has received the
re-encrypted data decrypts the re-encrypted data by using
the crypt key common to the whole Internet system, and
re-encrypts the decrypted data and supplies it to the
client 64. By doing this, the problem of sending the crypt
key is alleviated.

These crypt key conversion devices 65, 66 and 67
can be arranged in a gateway or a node which is used
as a connection between networks. Further, even in a
closed network system other than the Internet, which is
a liberated system, this system functions efficiently in
such cases where individual information such as
reliability information, medical information or the like is
handled, and where access to the data needs to differ
by level.

These crypt key conversion devices also can be
used so as to convert the crypt algorithm. There are a
plurality of crypt algorithms which are currently used or
proposed. In the worst case, a plurality of networks
using different crypt algorithms respectively coexist,
and thus, compatibility is lost, which becomes an
obstacle to the development of the information oriented
society. Even if a new effective crypt algorithm is developed,
if it is not compatible with the existing crypt algorithm,
an obstacle to the development of the information
oriented society may similarly be brought.

In order to cope with such problems, the crypt algorithm
can be converted by arranging the crypt key conversion
devices 65, 66 and 67 of Figure 5 in the gateway
or in the node. These crypt algorithm conversion
devices decrypt the encrypted data to be re-encrypted
with a different crypt algorithm.

Claims 

1. A digital content management system which uses a
digital content for managing digital content copyrights
having:

a server in which a watch program with high
interruption priority is stored, and being constituted
as a real time operating system using a
micro-kernel, in a network.

2. A digital content management apparatus used via a
user terminal which uses a digital content for managing
digital content copyrights, comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory, and a read/write memory,
wherein:

said microprocessor, said read-only semiconductor
memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of said
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watch program which
is a micro-kernel type real time operating system
are stored in said read-only semiconductor
memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital content
management program, a first secret-key, a
second secret key and copyright information
are stored in said electronically erasable and
programmable read-only memory.

3. A digital content management system which protects
the secrets of a digital content in a network
having a decryption/re-encryption apparatus
between networks.

4. A digital content management apparatus which protects
the secrets of a digital content in a network
comprising:

said digital content management apparatus
comprising a microprocessor, a microprocessor
bus, a read-only semiconductor memory,
an electrically erasable and programmable
read-only memory and a read/write memory,
wherein

said microprocessor, said read-only semiconductor
memory, said electrically erasable and
programmable read-only memory and said
read/write memory are connected to said
microprocessor bus, and a system bus of the
user terminal is capable of being connected to
said microprocessor bus;

a digital content management system program,
a crypt algorithm, and a watching program
which is a micro-kernel type real time operating
system are stored in said read-only semiconductor
memory; and

a first public-key, a first private-key, a second
public-key, a second private-key, a digital content
management program and a first secret-key,
a second secret-key, and copyright information
are stored in said electrically erasable
and programmable read-only memory.

5. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC chip.

6. A digital content management apparatus according
to claim 2 or 4, which is configured in the form of an
IC card.

7. A digital contents management apparatus according
to claim 2 or 4, which is configured in the form of
a PC card.

8. A digital contents management apparatus according
to claim 2 or 4, which is configured in the form of
an inserted board.